To view a recording of this session Get Adobe Flash player

Prof. dr. ir. Frank PiessensFrank Piessens

Frank Piessens is a professor at the Department of Computer Science of the Katholieke Universiteit Leuven, Belgium. His research interests lie in software security, including security in operating systems and middleware, architectures, applications, Java and .NET, and software interfaces to security technologies.

He is an active participant in both fundamental research and industrial application-driven projects, provides consultancy to industry on distributed system security and serves on programme committees for various security-related international scientific conferences.

Frank teaches software security at the Katholieke Universiteit Leuven, and at various academic and industrial conferences.


 description

sandboxes and policies

Learning Objectives

Understand

  • the risks associated with mobile code;
  • sandboxing as a risk mitigation technique;
  • the use of policies as a technique for making sandboxes more flexible;
  • policy enforcement mechanisms.

Overview

In today's networked world code mobility is ubiquitous: downloading of applications from the Internet, automatic updating, installation
of plugins, Javascript in web pages, and so forth...

Depending on the context in which the code is run, running such code may carry a substantial risk. Sandboxing is the process of running untrustworthy code in such a way that the amount of damage it can do is limited. Sandboxing policies specify what the code is allowed to do and, more importantly, what it is not allowed to do. These policies then need to be enforced either by monitoring what the code is doing at run-time, by statically inspecting the code before running it, by rewriting the code before running it, or by a combination of these techniques.

In this module we discuss what kinds of policies can be relevant, and what kind of enforcement mechanisms exist. We discuss both existing practical systems as well as theoretical limitations on what policies can be enforced.

Partners:

Solvay Brussels School of Economics and Management Katholieke Universiteit Leuven

Affiliated organizations:

OWASP NESSoS STREWS
Creative Commons

Contents of the secappdev.org website are licensed under a Creative Commons Attribution-NonCommercial 3.0 License.